Overview

overview

10

Static

static

10

samples2.zip

windows7-x64

1

samples2.zip

windows10-2004-x64

1

032e2e00eb...36.exe

windows7-x64

3

032e2e00eb...36.exe

windows10-2004-x64

3

07e98c92e1...3b.exe

windows7-x64

8

07e98c92e1...3b.exe

windows10-2004-x64

8

0a045d39cb...35.exe

windows7-x64

7

0a045d39cb...35.exe

windows10-2004-x64

7

2d713e13f7...d3.exe

windows7-x64

1

2d713e13f7...d3.exe

windows10-2004-x64

1

37a83fd6b1...32.exe

windows7-x64

1

37a83fd6b1...32.exe

windows10-2004-x64

1

390b31934a...56.exe

windows7-x64

9

390b31934a...56.exe

windows10-2004-x64

9

4dc6bd447e...9d.exe

windows7-x64

1

4dc6bd447e...9d.exe

windows10-2004-x64

1

5300d74561...0d.exe

windows7-x64

10

5300d74561...0d.exe

windows10-2004-x64

10

5e7d11d6bd...c6.exe

windows7-x64

7

5e7d11d6bd...c6.exe

windows10-2004-x64

1

64c7d9f709...20.exe

windows7-x64

1

64c7d9f709...20.exe

windows10-2004-x64

1

7db03ff8a8...3a.exe

windows7-x64

1

7db03ff8a8...3a.exe

windows10-2004-x64

1

81cb6442c2...78.exe

windows7-x64

1

81cb6442c2...78.exe

windows10-2004-x64

1

8629ec2aed...11.exe

windows7-x64

1

8629ec2aed...11.exe

windows10-2004-x64

1

8b13ff52ff...ab.exe

windows7-x64

8

8b13ff52ff...ab.exe

windows10-2004-x64

8

90b4871229...11.exe

windows7-x64

7

90b4871229...11.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    175s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe

  • Size

    314KB

  • MD5

    259d9f8bc15f10ef1ab2c317761c9090

  • SHA1

    3c2aab8e61c9921dea686a1122baa6c1b49956f8

  • SHA256

    90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811

  • SHA512

    81a7e3aff9f66aff436d2dabd93ce88499c15536ad3124977a284d8e7bf99be10a7b644ea4b4af32a6db4e1d5dbd823485a4179d928a58e748031416db92847e

  • SSDEEP

    6144:9k0Ps14JKZ6JIpESQAko1/ndluhQyLTXBaW8GpjBlyQJNO0ww/LXz67:9BPZJev5Q/wd02yLTXBaLGpjBlyQDzwZ

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
    "C:\Users\Admin\AppData\Local\Temp\90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml
    Filesize

    2.8MB

    MD5

    6f51d927adddfac3abd8ddc16d1db390

    SHA1

    3ea3843e57a6bb8bdaf4a18fd405c1aef32ef611

    SHA256

    5eded0030f9ac455b8579b0f251c0c0832c19110961ce0364b7e0190d6191637

    SHA512

    1b9f19c448daa78003f24eef9e7cec78fec3986e71ceeac35cb7ce197366a128109ef54cc13fcda9ac5d908633871e8aa805836068a297a12d9253be4a71f43d

    Download Submit

  • C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml
    Filesize

    888KB

    MD5

    a1c3ce3e4526db6a30fdb3bdd19e9e95

    SHA1

    c8cb97e2ccfec228a70964cbd03aaca4200f94ef

    SHA256

    6e003b7e28501e51ef6dc5823311e1531d8b0dad048c8a2b8b88927e6ad22f4c

    SHA512

    01ea90f04d869e4e021e18c5cf5087a57f4b362916d661bdaba94f17da04cd0ed56d36c2162fc48aead7c706e6c431dd8432260f906ed8dfa662c42862b3b1a7

    Download Submit

  • C:\Program Files\7-Zip\Lang\an.txt
    Filesize

    12.8MB

    MD5

    ef579fddde15ded24f1a83da315c8699

    SHA1

    a1b1530523800f09ec318df54dbeb957750ae094

    SHA256

    af84eb7bdd6e343a138e0a6e31b89ba64fcefaea8a3ad19dcb9d7d6afdaeba5e

    SHA512

    4a1526e62642e59697755b3dc833be1103cb920755e120e891113861f18634111b962225827b23b328e8c9ce3ed482d1239326696390e356d548ce19aa7f8dea

    Download Submit

  • C:\Program Files\7-Zip\Lang\cy.txt
    Filesize

    17.8MB

    MD5

    b96feb1f59f7d80a44ff7fce0632c2f6

    SHA1

    adada5f4d905c17f109a77912952093da3ef1023

    SHA256

    c9d39951ba308853ceada864590940197d0c977bbd00286d9172fa3503349611

    SHA512

    60158ed77ebc3e20debba40ffac7c901dd13334507009f3e3188e7283357a4684399cf57ca93b26c4565572ea2557e614109a409e42134d169e7f63f541d4b16

    Download Submit

  • C:\Program Files\7-Zip\Lang\he.txt
    Filesize

    3.9MB

    MD5

    e2c61a3185868026697c7fdb7cba8361

    SHA1

    8deb4b371c8dd9e51699901c88bfde00cef4e659

    SHA256

    fbc9ee6ec38c75dfec001cc8b87f75033448be312d3e2fa1f2c315ea477e4ec4

    SHA512

    0b18683866662c017beb59b4d38541439fbb0c1a406e1bc18198bd4dfda56446a9ec65d384278d5beebfdd474ca84d7da43a09cf6e0cf20da877cfe2f2a1b6fe

    Download Submit

  • C:\Program Files\7-Zip\Lang\hy.txt
    Filesize

    1.8MB

    MD5

    69447d3ece597412e8f00b6213112090

    SHA1

    8da03291556eb1037a6f6ceeedb9101bd4a2fe88

    SHA256

    d3ea2520a33e6b6068970a26dc9c8e09832f7c4707091c143630df2f0b4de5c6

    SHA512

    37d1852564a347c59136b4be2160ffdac94d01bc322f1e6e4310fa23b7ca64a38ba13aecfc42d3dc270435b0d70317a3d95cbf47dcc54bf41ab477fa2cb088f8

    Download Submit

  • C:\Program Files\7-Zip\Lang\lv.txt
    Filesize

    4.9MB

    MD5

    f59ddbcf095cc38cddd5cadc7036a97a

    SHA1

    5f5411b94c36cc46b20a800a1f6b0ed718d57c56

    SHA256

    8a6089c5ea8842c4c24ef934fb592f5a7bc9cf8426a47432ca3127268375be0f

    SHA512

    844f20c62b2485fc7f45cb75341bb3f25ed5cc4b54700203b4f9ae6796b79853b32fb97bf21a4a6e6fc238ac17ff5950e73301f02f2dd293e769db8d17c2650a

    Download Submit

  • C:\Program Files\7-Zip\Lang\ne.txt
    Filesize

    4.9MB

    MD5

    23414c73411e096423dc58630a03d8cf

    SHA1

    a9c7976512932e306f4ac2724ca9d8f4d64030aa

    SHA256

    ecbceecabf3ea78cc89cdfdd0e0646d49822d959cc0671e3623cfb654e6ff7ad

    SHA512

    b3921e7dd465afcdf7eacd4002c223ce7e972cbd8bc542653b46cd3d9a04651cbcf9fc87f972f0681dd32f96c16f09590fb87772ff8f832cba84b240ca2a7518

    Download Submit

  • C:\Program Files\7-Zip\Lang\pt.txt
    Filesize

    505KB

    MD5

    b9385a3a5b5c4a42421371a55ab61d40

    SHA1

    e7bab28250b65d0349a20e60bbd352b1b2d16dfa

    SHA256

    da9833b2af381ee628ccad7d9440bc70fe3b6d53dfda132813248ec37abb7e6e

    SHA512

    38b74652a88f7e6bd9f7156b52efe00b6a47387152c4fad8ebd6547d79cf6d12bb1425c7d92d97c822d599733d2adcf6bf19be7588ddea198e2d6ae3ee08f8ea

    Download Submit

  • C:\Program Files\7-Zip\Lang\tt.txt
    Filesize

    1.3MB

    MD5

    fcd76ffed2a23e4b2a7d348f6376f42c

    SHA1

    43648baaf18b6fb4fe4df0fcf0ddd22829cbab0b

    SHA256

    5f0e9474e75c5c3ac020f17a24cd787d3db40f403a98fcd40857afc0668548f4

    SHA512

    bb6bc504a095775440266d6bc13fb3a6a7dc9381e82d5c38d2d2b2a68ebd54e06e0ef6632dba8494f294f3b42ec3f84351f9affb7594c3b2c971b016931d2e9b

    Download Submit

  • memory/2716-47-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2716-192-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-189-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-136-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-96-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-1-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2716-317-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-45-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-349-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-404-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download

  • memory/2716-0-0x0000000000960000-0x0000000000A4F000-memory.dmp

    Filesize

    956KB

    Download